Individuals regularly interact with IT systems from multiple separate security domains. For example, someone who works for or is associated with a corporation or entity typically deals with an enterprise domain for work and with a non-enterprise domain for other matters. The integrity of each domain, i.e., its protection from unwanted external forces, must be managed through security, privacy and other defenses. Some domains, such as those for enterprises, assure integrity by limiting access to only trusted people and software. Today, the most widely accepted way to ensure the integrity of multiple domains is to use a separate physical device to access each domain. This could, for example, be a PC for the enterprise domain and a smart phone for the non-enterprise domain. In this case:                1. The PC and the IT systems in the enterprise domain have hardware and/or software security capabilities to authenticate, authorize and manage users; to assure that only qualified software is used; to protect and manage proprietary data on the PC, and to provide secure, encrypted communication for transmission of data between the host and the PC.        2. The smart phone used in the non-enterprise domain is a separate processing system that supports functions such as non-enterprise email, social media, Internet services, user-selected applications and games, photos, music and video content. Individuals are responsible for maintaining the security of their non-enterprise domain. Frequently the level of user-managed security is poor.        
Some mobile devices, such as BLACKBERRY® devices (registered mark of Research In Motion Limited, 295 Phillip Street Waterloo, Ontario N2L 3W8 CANADA), iPhone® devices (registered mark of APPLE INC., 1 INFINITE LOOP CUPERTINO Calif. 95014) and ANDROID® phones (registered mark of Google Inc., 1600 Amphitheatre Parkway Mountain View Calif. 94043), support limited cross-domain operation. They permit access to specially designed applications (e.g. email) that run in one domain from a device that operates in a different domain. Such applications are designed to assure the integrity of the domains, typically by special code on both on the device and on a host computer.